CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3921
https://notcve.org/view.php?id=CVE-2007-3921
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. gforge 3.1 y 4.5.14 permite a usuarios locales truncar archivos de su elección mediante un ataque de enlace simbólico (symlink attack) sobre archivos temporales. • http://osvdb.org/42117 http://secunia.com/advisories/27549 http://secunia.com/advisories/27586 http://www.debian.org/security/2007/dsa-1402 http://www.securityfocus.com/bid/26373 http://www.vupen.com/english/advisories/2007/3773 https://exchange.xforce.ibmcloud.com/vulnerabilities/38329 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3918
https://notcve.org/view.php?id=CVE-2007-3918
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en account/verify.php de GForge 4.6b2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro confirm_hash. • http://gforge.org/scm/viewvc.php/trunk/gforge/www/account/verify.php?root=gforge&r1=5967&r2=6092 http://gforge.org/tracker/?func=detail&atid=105&aid=3094&group_id=1 http://secunia.com/advisories/27042 http://secunia.com/advisories/27046 http://www.debian.org/security/2007/dsa-1383 http://www.securityfocus.com/bid/25923 http://www.vupen.com/english/advisories/2007/3356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4966 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. Vulnerabilidad de inyección SQL en www/people/editprofile.php de GForge 4.6b2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro skill_delete[]. • https://www.exploit-db.com/exploits/4404 http://secunia.com/advisories/26803 http://www.portcullis.co.uk/179.php http://www.securityfocus.com/bid/25665 http://www.vupen.com/english/advisories/2007/3174 https://exchange.xforce.ibmcloud.com/vulnerabilities/48844 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-3913 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3913
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el Gforge en versiones anteriores a la 3.1 permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar. • https://www.exploit-db.com/exploits/4404 http://secunia.com/advisories/26723 http://www.debian.org/security/2007/dsa-1369 http://www.securityfocus.com/bid/25585 https://exchange.xforce.ibmcloud.com/vulnerabilities/36505 • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0246
https://notcve.org/view.php?id=CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. plugins/scmcvs/www/cvsweb.php en el CGI CVSWeb de GForge 4.5.16 anterior al 24/05/2007, también conocido como gforge-plugin-scmcvs, permite a atacantes remotos ejecutar comandos de su elección mediante metacaracteres de línea de comandos en el PATH_INFO. • http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/plugins/scmcvs/www/cvsweb.php?root=gforge&r1=5849&r2=6038&pathrev=6038 http://osvdb.org/36526 http://secunia.com/advisories/25395 http://secunia.com/advisories/25416 http://www.debian.org/security/2007/dsa-1297 http://www.securityfocus.com/bid/24141 http://www.vupen.com/english/advisories/2007/1942 https://exchange.xforce.ibmcloud.com/vulnerabilities/34510 •